KLA10535
Multiple vulnerabilities in Inductive Automation Ignition
Updated: 17/06/2019
Detection date
03/04/2015
Threat level
High
Description

Multiple serious vulnerabilities have been found in Inductive Automation Ignition. Malicious users can exploit these vulnerabilities to bypass security restrictions, obtain sensitive information or inject arbitrary code.

Below is a complete list of vulnerabilities:

  1. Improper password handling can be exploited remotely via unknown vectors;
  2. An unknown vulnerability can be exploited remotely via specially designed session IDs;
  3. Improper session handling can be exploited remotely via vectors related to the logout action;
  4. Improper storage of server credentials and another unknown vulnerability can be exploited remotely via error message manipulation;
  5. An XSS vulnerability can be exploited remotely via unspecified vectors.
Affected products

Inductive Automation Ignition 7.7.2 

Solution

Update to the latest version
Get Ignition

Impact
OSI

CI

SB
CVE-IDS
CVE-2015-0992  2.1  Warning
CVE-2015-0991  5.0  Critical
CVE-2015-0976  4.3  Warning
CVE-2015-0995  5.0  Critical
CVE-2015-0994  4.0  Warning
CVE-2015-0993  6.4  High